CVE-2025-55183 and CVE-2025-55184: New React RSC Vulnerabilities Expose Applications to Denial of Service Attacks and Source Code Leaks
ID: 9e47143e-cdee-5f95-bba0-14a8c09f3f08
STIX ID: report--9e47143e-cdee-5f95-bba0-14a8c09f3f08
Feed Name: SOC Prime Blog
A newly disclosed critical vulnerability in React Server Components (React2Shell, CVE-2025-55182) is being actively exploited in the wild by China-aligned state-backed groups to achieve remote code execution; researchers have observed deployment of an implant called EtherRAT. Subsequent analysis uncovered additional RSC flaws (CVE-2025-55183, CVE-2025-55184, CVE-2025-67779) that can cause denial-of-service or source-code disclosure; vendor fixes are available (React 19.0.3, 19.1.4, 19.2.3) and the report urges prompt updates, detection, and use of threat intelligence to mitigate ongoing exploitation.
